BSA Compliance Rises to the Top of Regulatory Interests

WASHINGTON-Recent public violations of the Bank Secrecy Act, such as the Riggs Bank incident, have led to increased scrutiny by the federal financial regulators. So far, just one credit union-Suffolk Federal Credit Union in November 2004-has been hit with a Letter of Understanding and Agreement for a BSA violation. However, as examiners continue to intensify their focus, more could be coming, one D.C. law firm warned. According to attorneys from Venable, LLP, credit unions’ biggest hurdle can be a lack of resources, especially the smaller institutions. And smaller does not necessarily equate to being at less risk; really it comes down to complexity of operations. The Federal Financial Institutions Examination Council regulators, including NCUA, have been very open about what they will be looking for, particularly through the examiners on the front lines. In fall 2005, NCUA issued a Letter to Credit Unions (05-CU-16) alerting them to the FFIEC’s Bank Secrecy Act/Anti-Money Laundering Examination Manual the agencies issued over the summer. The letter also included the Automated Integrated Regulatory Examination System’s (AIRES) BSA questionnaire that examiners began using to review programs as of Sept. 30. The three key pieces of advice in the letter point to: *Risk Assessment *Independent Testing *Monitoring Suspicious Activity Some of the most important things a credit union can do is find someone knowledgeable of the issues, make sure the board of directors is involved, scrutinize transactions, and do basic member due diligence. The “basic building blocks” of a solid BSA program include: * Having a compliance officer; * Undergoing an audit; * Keeping up on internal controls and training; * Establishing a Customer Identification Program; * Identifying targets of Treasury’s Office of Foreign Asset Control; * Complying with law enforcement requests; and * Putting policies in place to support these things. It is also helpful to have automated systems in place, like aggregation software to track multiple transactions by the same member. Credit unions are not likely to be hit with a Riggs $40 million fine, but it would be commensurate with the size of the institution and the significance of the violation. On top of that is the reputational damage. Riggs was a prominent bank in Washington, D.C., but had to sell out to PNC because of the incident. -